CVE-2026-32051
Published: 21 March 2026
Summary
CVE-2026-32051 is a high-severity Incorrect Authorization (CWE-863) vulnerability in OpenClaw. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The vulnerability is ranked at the 23.2nd percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-24 (Access Control Decisions) and AC-3 (Access Enforcement).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Directly enforces approved authorizations for access to system resources, addressing the inconsistent owner-only gating during agent execution that allowed operator.write scope to invoke privileged tool surfaces.
- Employs the least privilege principle to restrict users to only authorized functions, preventing operator.write scoped callers from performing owner-only control-plane actions.
- Ensures access control decisions are made and enforced based on user scopes and attributes, mitigating the authorization mismatch in scoped-token deployments during agent runs.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Authorization bypass (CWE-863) from operator.write to owner-only surfaces directly enables privilege escalation via exploitation (T1068) and unauthorized access to cron tool surfaces for scheduled task abuse (T1053.003).
NVD Description
OpenClaw versions prior to 2026.3.1 contain an authorization mismatch vulnerability that allows authenticated callers with operator.write scope to invoke owner-only tool surfaces including gateway and cron through agent runs in scoped-token deployments. Attackers with write-scope access can perform control-plane actions beyond their intended authorization level by exploiting inconsistent owner-only gating during agent execution.
Deeper analysis
CVE-2026-32051, published on 2026-03-21, is an authorization mismatch vulnerability (CWE-863) in OpenClaw versions prior to 2026.3.1. The flaw stems from inconsistent owner-only gating during agent execution in scoped-token deployments, enabling authenticated callers with operator.write scope to invoke owner-only tool surfaces, including gateway and cron.
Attackers require only low privileges (operator.write scope) to exploit this remotely over the network with low attack complexity and no user interaction. Exploitation allows performing control-plane actions beyond the attacker's intended authorization level, leading to high impacts on confidentiality, integrity, and availability, as reflected in its CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Mitigation details are available in advisories such as the GitHub Security Advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-jr6x-2q95-fh2g and the VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-agent-runs-via-owner-only-tool-access. The vulnerability is addressed in OpenClaw version 2026.3.1 and later.
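The mismatch described above, as an added example that is not OpenClaw's code: a single authorization gate applied on both the direct invocation path and the agent-run path, so owner-only tool surfaces (gateway, cron) cannot be reached with operator.write scope through an agent run. The scope names, tool stubs and function names are hypothetical stand-ins modelled on the advisory text.

```javascript
// Added example (not OpenClaw's code). Models the class of bug in the advisory:
// owner-only gating applied on the direct path but skipped inside agent runs.
const OWNER_ONLY_TOOLS = new Set(['gateway', 'cron']); // tool surfaces named in the advisory

class AuthorizationError extends Error {}

// Authorization decision for one tool call, based only on the caller's token
// scopes (AC-24: decide on attributes; AC-3: enforce the decision).
function authorizeTool(ctx, toolName) {
  if (OWNER_ONLY_TOOLS.has(toolName) && !ctx.scopes.has('owner')) {
    return { allowed: false, reason: `${toolName} requires owner scope` };
  }
  if (!ctx.scopes.has('owner') && !ctx.scopes.has('operator.write')) {
    return { allowed: false, reason: 'write scope required' };
  }
  return { allowed: true };
}

// The single dispatcher every code path must use to execute a tool.
function invokeTool(ctx, toolName, args, tools) {
  const decision = authorizeTool(ctx, toolName);
  if (!decision.allowed) throw new AuthorizationError(decision.reason);
  return tools[toolName](args);
}

// Vulnerable shape: the agent loop calls tools directly with an implicitly
// trusted context, so the owner-only check never runs on this path.
function runAgentVulnerable(ctx, plan, tools) {
  return plan.map(step => tools[step.tool](step.args));
}

// Hardened shape: the agent run carries the caller's own scopes and routes
// every step through the same dispatcher, so both paths decide identically.
function runAgentHardened(ctx, plan, tools) {
  return plan.map(step => invokeTool(ctx, step.tool, step.args, tools));
}

// Constructed tool stubs standing in for real tool surfaces.
const demoTools = {
  echo: a => `echo:${a.text}`,
  cron: a => `scheduled:${a.job}`,
  gateway: a => `gateway:${a.action}`,
};

// Runs fn and reports an authorization denial as a value instead of throwing.
function tryInvoke(fn) {
  try { return { ok: true, value: fn() }; }
  catch (e) {
    if (e instanceof AuthorizationError) return { ok: false, reason: e.message };
    throw e;
  }
}
```

The same `authorizeTool` decision is what an audit log should record for every tool call, whichever path produced it; a denial on the direct path with no corresponding denial on the agent path is the detection signal for this class of mismatch.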
Details
- CWE(s)